Privacy concerns spill over offline: 5 steps you must take to prevent identity theft

How many times have you put down your name and number in a visitor’s book after making a purchase in a store? And filled in all your life’s details — from birth date to marital status — while registering on an ecommerce site or some delivery app? Next time you are asked to do that, step back and fill in only the mandatory information, and be cagey wherever you can, because your personal information is at risk of being stolen and being used for fraudulent activities and harassment.

No, I’m not exaggerating. In the past month alone, at least three of my women friends have been harassed on WhatsApp. In all three cases, the offender got their phone numbers and name from offline transactions (one of them had made an entry in a visitors book in some store) and then went online to harass the person. In one case, the stalker even traced my friend’s Facebook profile using her mobile number, name and location, and continued the harassment online. He would keep sending her friend requests and WhatsApp her from multiple numbers as she kept blocking him.

This recent report in the Hindustan Times about mobile numbers of women being sold at recharge outlets across Uttar Pradesh with the pricing based on their looks reveals what levels harassment can go to.

And that’s just harassment. With online identity becoming the primary identity to be used in everything from banking to PDS, you have to worry about privacy not only online but also offline. The Economic Times has a story this morning (Tuesday) about how your personal data ends up in the hands of ‘data brokers’ who sell it cheaper than chewing gum.

As your offline interactions are increasingly tagged to your online profiles — usually Gmail or Facebook — and mobile number, it’s becoming that much easier for cybercriminals to steal your online identity and commit financial frauds. Armed with your mobile phone number and data gleaned from your offline transactions, attackers can con you to get even more confidential information. The process — called social engineering in information security wherein a thief manipulates people to perform actions that give away confidential information — is usually employed to steal money using credit or bank account card details.

There is no foolproof way to stop this. The best way is to minimise online-offline linkage, thereby curbing violation of privacy, identity theft and online harassment. Here’s how you can up your offline privacy.

Your mobile number is the key

We Indians are liberal with sharing our mobile numbers. But now, more than ever, it’s important to be careful about this. As transactions go online, the mobile number has become the primary identifier of individuals.

Don’t give your mobile number to anyone you don’t know or enter it during any offline or online activity unless it’s absolutely required to do so. You could leave a dummy number, unless you are legally required to provide one.

If you can afford it and if your employer allows it, use separate numbers for business and personal work. Use only your work number on your business card and in public interactions and situations. Keep the personal number personal.

Unlist your number from Truecaller as it gives away your name, gender and photograph (if you have uploaded one) to anyone who’s on the TrueCaller network. Also hide your profile picture, status etc on WhatsApp from people who are not on your contact list by going to settings->account->privacy.

Keep your ID documents safe and dispose them properly

Most services — like getting a mobile number, booking a hotel room, mobile wallets etc — require you to to submit identity and address proof documents. Don’t send soft copies or allow anyone to scan your documents. Provide a black-and-white self-attested photocopy along with the date and the reason it has been furnished. This makes it tough for criminals to fake documents.

Your credit card and telephone bills contain valuable personal information. Opt to get them on email. Don’t opt for hard copies by post. If you need physical copies, take printouts and shred them before disposing them.

Also, make sure you shred receipts attached to courier packages that you receive from Amazon or Flipkart or other online retailers as they too contain a lot of personal information.

Update your address to current

Don’t be lax about updating your address in the records of financial — banks, insurance companies, stockbrokers, credit card companies — and other service providers when you relocate. Even if you’ve opted for e-versions of bills, there are chances they may send information on offers, annual statements, reminders for renewal of subscriptions etc by snail mail.

If you’re not in the country or your address is temporary, use your permanent address (parents?) as your primary contact/mailing address. This way, you know some is always available to receive post.

Keep your phone connection active

Make sure the mobile number linked to your bank is active. Stealing identity through a duplicate SIM has become a reality. It’s usually done with the perpetrator requesting a duplicate sim claiming that he/she owns the number and has lost the phone. Usually, fudged documents are used to prove identity and address. So, if your SIM / connection goes offline for long periods of time, remember to call your telco.

Half-truths are fine for online profiles

Not every bit of data on your online profiles — Facebook, Linkedin, Google Plus, Twitter needs to be completely true unless it’s required by the law. It’s also not necessary to fill in all the boxes. For instance, there is no need to fill in the marital status or your birthdate while registering on a delivery service app.

Also be careful while setting up security questions to recover passwords. Usually, the questions are based on simple real life information like: “What was the make and model of your first car?” Such answers are easy to guess, especially if someone knows you in personal life.

Archives

Archives

Copyright and Disclosure

(C) Thejesh GN.The views expressed on this site are mine (Thejesh GN) alone and do not necessarily reflect the views of my employer. Please read the terms and conditions before reading or commenting on this blog.